Top 3 Risks When Storing Obsolete Data
When old hard drives or data tapes no longer have a place in your organization, you may decide that the easiest or safest place to put them would be in a storage closet. This might seem like a good option for the interim, but there are considerable risks that come into play.
In recent news, the multinational technology firm, IBM, informed Health Net that they could not locate multiple hard drives, stored at one of IBM’s data centers. It has been estimated that 1.9 million people’s medical records were compromised as a result of the implied theft resulting in a data breach. 1 This monstrosity could have been avoided if mandated policies and procedures for handling data were set in place.
Here are the top 3 inherent risks that accompany the storage of obsolete data devices:
- Insufficient Control System– Having a lock and key as the only barriers between a rogue employee and your company’s data stored on obsolete hard drives is obviously not a safe choice. Is it certain who has access to the storage area? Security cameras and badge access controls usually do not storage storage closets. It is also important to note that internal employees are responsible for 17% of data breaches. 2
- Misplacement Risk- Unless asset management takes a count of each of these hard drives frequently, the misplacement of a hard drive can easily go unknown. If your company is at risk of misplacement, then it is also at risk of having to notify your customers that there was a breach.
- Offsite Storage Accountability- There are many things to take into consideration when you store sensitive data in a unit offsite. Think about it: Who has access to the data while it’s not under your supervision? Where is the chain of custody (after all, it is your data)? Are background checks completed for employees managing access to your unit? The lack of a secure, manageable control system is a major threat to the security of your data.
In some situations, you may be required to keep data storage devices longer than you wish. Government regulations or existing corporate policies can extend data retention schedules. Awareness of the three risks mentioned above will help your company protect and defend its data storage devices during these extended periods, given that data may be bound by these requirements.
All in all, though some of these risk details may seem quite tedious, you’ll be happy you paid such close attention in the long run. At the recent AFCOM Data Center World Conference in Orlando, one speaker noted that there are two types of companies: A company that has been breached, and a company that will be breached. Steps must be taken to prevent these types of risks from becoming realities.
Check back in the upcoming weeks for tips and solutions that will help your company avoid these risks.